Re: [webrtc-pc] Should we remove getDefaultIceServers?

According to the rtcweb Security Architecture draft, the Trust base is the Browser and not the App.
This way I think we should keep this decision for the user and UA/browser.
I believe it should be allowed for the user (or enterprise) to choose which TURN relay service to use.

I fully agree with the Mozilla implementation, which gives the freedom to choose:
media.peerconnection.ice.default_address_only
* By default it is false, so it combines App and the default TURN servers.
* But if it is set to true, it gives the opportunity to force the browser to use only the default trusted ICE servers, which could be pre-provisioned by the enterprise or set by the end user (or maybe autoconfigured, RFC 8155).

I see benefits of using an internal/well-known/trusted TURN service instead of an App-configured one:
* It allows the enterprise to keep traffic (to the TURN server) inside the trusted enterprise global network.
* By default, for the end user/enterprise the underlying TURN service quality is unknown (even more, it may not be trusted, e.g. someone could maybe extract info from the relayed traffic), and they want to be sure that their data is kept inside the enterprise trusted global network if possible and relayed only on the edge where the TURN service level is measured, well-known and trusted.

@youennf 
* I think it should be up to the browser settings whether the default ICE server should be exposed to the App or not (maybe scoped by domain).
* And another option to control whether to combine App ICE servers and default ICE servers or use only default ICE servers.

-- 
GitHub Notification of comment by misi
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/2023#issuecomment-436923677 using your GitHub account

Received on Thursday, 8 November 2018 09:09:57 UTC